0

How to send k8s audit logs to multiple servers/endpoints?
I tried to

  • pass multiple --audit-webhook-config-file arguments to kube-apiserver
  • add another cluster to the webhook config file

but these modifications are invalid and the kube-apiserver won't start up.

Petr Javorik
  • 210
  • 2
  • 7

1 Answers1

1

It's not possible to send audit logs to multiple servers using kube-apiserver arguments or configuration.

You have to deploy another service which mirrors incoming HTTP requests to multiple servers.

Using nginx ngx_http_mirror_module:

location / {
    mirror /mirror;
    proxy_pass http://audit-server-1;
}

location = /mirror {
    internal;
    proxy_pass http://audit-server-2;
}

Using gor https://github.com/buger/goreplay

gor --input-tcp :8000 --output-http "http://audit-server-1"  --output-http "http://audit-server-1"
Petr Javorik
  • 210
  • 2
  • 7